[CWD-4342] Don't try to invalidate a session ID of an empty string

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.8.3
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Since ~~CWD-4271~~, deleting an empty session token results in invalidating all sessions. As this was never an expected value, specifically check for it and fail locally.

At the same time, check for cases that are calling this conditionally on having a session token and ensure they don't treat it as something that can be invalidated.

causes

JRACLOUD-65801 All users are logged out of JIRA Cloud every 1 or 2 minutes

Closed

is related to

JRACLOUD-41559 Some REST calls return 200 with no body and AUTHENTICATED_FAILED

Closed

JRACLOUD-65801 All users are logged out of JIRA Cloud every 1 or 2 minutes

Closed

JRASERVER-41559 Some REST calls return 200 with no body and AUTHENTICATED_FAILED

Gathering Impact

relates to

JRACLOUD-65853 Upgrade Crowd to 2.8.3+

Closed

CWD-4271 As an admin, I want to bulk-expire SSO sessions

Closed

mentioned in: Page Loading...; Page Loading...

(1 relates to, 2 mentioned in)

Katherine Yabut made changes - 19/Sep/2019 5:51 AM

Workflow	Original: JAC Suggestion Workflow [ 3388306 ]	New: JAC Suggestion Workflow 3 [ 3630262 ]
Status	Original: RESOLVED [ 5 ]	New: Closed [ 6 ]

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 11:53 PM

Workflow	Original: Simplified Crowd Development Workflow v2 [ 1393364 ]	New: JAC Suggestion Workflow [ 3388306 ]
Issue Type	Original: Improvement [ 4 ]	New: Suggestion [ 10000 ]

vkharisma made changes - 01/Apr/2017 7:43 PM

Link

New: This issue is related to JRACLOUD-43151 [ JRACLOUD-43151 ]

Owen made changes - 12/May/2016 2:52 AM

Workflow

Original: Crowd Development Workflow v2 [ 857843 ]

New: Simplified Crowd Development Workflow v2 [ 1393364 ]

Ferd made changes - 02/Dec/2015 11:46 PM

Remote Link

New: This issue links to "Page (Extranet)" [ 143465 ]

David Black made changes - 17/Jul/2015 6:30 AM

Link

New: This issue is related to JRA-41559 [ JRA-41559 ]

Earl McCutcheon made changes - 23/Jun/2015 6:34 PM

Link

New: This issue relates to ~~JRA-43968~~ [ ~~JRA-43968~~ ]

Kevin Leicht added a comment - 09/Jun/2015 10:43 PM

This started affecting us yesterday. CROWD is a system integration and I don't see any way of disabling it. It is a huge problem for our users, as our developers and sysadmins are in jira all through the day. Waiting for the 'next release' is really not an option for us. I need a workaround.

Kevin Leicht added a comment - 09/Jun/2015 10:43 PM This started affecting us yesterday. CROWD is a system integration and I don't see any way of disabling it. It is a huge problem for our users, as our developers and sysadmins are in jira all through the day. Waiting for the 'next release' is really not an option for us. I need a workaround.

Sunny Kalsi [Atlassian] made changes - 12/May/2015 12:56 AM

Remote Link

New: This issue links to "Page (Extranet)" [ 103928 ]

Joe Clark added a comment - 11/May/2015 3:45 PM - edited

I think the fix version on this issue is set incorrectly - the related commit, #2c5593c3 does not appear to exist in any released tag or branch.

jwalton - could you fix this up please? Also I think the impact of this bug might be nastier than originally estimated. This will affect anyone using the CrowdSSOAuthenticator in Confluence/JIRA. I haven't set up a Crowd + JIRA environment to test with, but I'm pretty sure any action in Conf/JIRA that attempts to do a Seraph logout on an anonymous user will trigger this behaviour, resulting in everyone being logged out.

Once the fixed version of Crowd is available, tickets will need to be created to update the shipped Crowd version in Conf/JIRA

Joe Clark added a comment - 11/May/2015 3:45 PM - edited I think the fix version on this issue is set incorrectly - the related commit, #2c5593c3 does not appear to exist in any released tag or branch. jwalton - could you fix this up please? Also I think the impact of this bug might be nastier than originally estimated. This will affect anyone using the CrowdSSOAuthenticator in Confluence/JIRA. I haven't set up a Crowd + JIRA environment to test with, but I'm pretty sure any action in Conf/JIRA that attempts to do a Seraph logout on an anonymous user will trigger this behaviour, resulting in everyone being logged out. Once the fixed version of Crowd is available, tickets will need to be created to update the shipped Crowd version in Conf/JIRA

Assignee:: joe

Reporter:: joe

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 04/May/2015 3:56 AM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 07/May/2015 12:13 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Kevin Leicht added a comment - 09/Jun/2015 10:43 PM

Expand comment: Kevin Leicht added a comment - 09/Jun/2015 10:43 PM

Collapse comment: Joe Clark added a comment - 11/May/2015 3:45 PM, Edited by Joe Clark - 11/May/2015 3:46 PM

Expand comment: Joe Clark added a comment - 11/May/2015 3:45 PM, Edited by Joe Clark - 11/May/2015 3:46 PM

People

Dates